[libvirt] [PATCH] Fix disabling of apparmor security driver
by Christophe Fergeau
When using --without-apparmor --without-secdriver-apparmor, configure
will fail saying that AppArmor development package must be installed.
This is caused by a small bug in --with-secdriver-apparmor handling in
configure.ac which treats --without-secdriver-apparmor as if the user
had requested to enable apparmor.
---
configure.ac | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 13967e9..6ffcb03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1562,7 +1562,8 @@ AC_ARG_WITH([secdriver-apparmor],
if test "$with_apparmor" != "yes" ; then
if test "$with_secdriver_apparmor" = "check" ; then
with_secdriver_apparmor=no
- else
+ fi
+ if test "$with_secdriver_apparmor" != "no" ; then
AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
fi
else
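Review bot: the added `fi` followed by a second `if test "$with_secdriver_apparmor" != "no"` could be a single `elif test "$with_secdriver_apparmor" != "no"` on the existing test. The result is the same, because the "check" branch sets the value to "no" first, but one chain makes it clear that the auto-detect case and the explicit-request case are mutually exclusive. The AC_MSG_ERROR text could also name --with-secdriver-apparmor, so the user knows which option asked for AppArmor.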
--
1.7.12.1
12 years, 6 months
[libvirt] [PATCH] Log file name passed to virConfReadFile
by Cole Robinson
---
src/util/conf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/util/conf.c b/src/util/conf.c
index 4df62b1..346b3df 100644
--- a/src/util/conf.c
+++ b/src/util/conf.c
@@ -35,6 +35,7 @@
#include "conf.h"
#include "util.h"
#include "c-ctype.h"
+#include "logging.h"
#include "memory.h"
#include "virfile.h"
@@ -763,6 +764,8 @@ virConfReadFile(const char *filename, unsigned int flags)
int len;
virConfPtr conf;
+ VIR_DEBUG("filename=%s", NULLSTR(filename));
+
if (filename == NULL) {
virConfError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__);
return NULL;
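Review bot: the new VIR_DEBUG in virConfReadFile logs only filename, although the function also takes `unsigned int flags`. Logging both, e.g. "filename=%s flags=%x", would make the trace complete. Wrapping the argument in NULLSTR() is right here, since the log call runs before the `filename == NULL` check.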
--
1.7.11.7
12 years, 6 months
[libvirt] [PATCH] docs: virsh: clarify behavior of send-key
by Cole Robinson
https://bugzilla.redhat.com/show_bug.cgi?id=860004
---
tools/virsh.pod | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 0481e1f..8a30ce2 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -1295,6 +1295,10 @@ will be held for that many milliseconds. The default codeset is
B<linux>, but use of the I<--codeset> option allows other codesets to
be chosen.
+If multiple keycodes are specified, they are all sent simultaneously
+to the guest, and they may be received in random order. If you need
+distinct keypresses, you must use multiple send-key invocations.
+
=over 4
=item B<linux>
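Review bot: "random order" in the added paragraph reads as if the order were deliberately randomized; "unspecified order" or "any order" is more accurate for what the text means. It would also help to write send-key as B<send-key> in "multiple send-key invocations", matching the markup used for the codeset names in the context lines.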
@@ -1359,10 +1363,14 @@ bit of the first byte. No symbolic names are provided.
=back
B<Examples>
- # send three strokes 'k', 'e', 'y', using xt codeset
+ # send three strokes 'k', 'e', 'y', using xt codeset. these
+ # are all pressed simultaneously and may be received by the guest
+ # in random order
virsh send-key dom --codeset xt 37 18 21
+
# send one stroke 'right-ctrl+C'
virsh send-key dom KEY_RIGHTCTRL KEY_C
+
# send a tab, held for 1 second
virsh send-key --holdtime 1000 0xf
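Review bot: the examples still do not show the case the new text recommends, i.e. separate send-key invocations for distinct keypresses. Adding one such example next to the 'k', 'e', 'y' line would make the caveat actionable. Minor: "these" in the extended comment starts a sentence and should be capitalized.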
--
1.7.11.7
12 years, 6 months
[libvirt] [PATCH] daemon: Avoid 'Could not find keytab file' in syslog
by Cole Robinson
On F17 at least, every time libvirtd starts we get this in syslog:
libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory
This comes from cyrus-sasl, and happens regardless of whether the
gssapi plugin is requested, which is what actually uses
/etc/libvirt/krb5.tab.
While cyrus-sasl shouldn't complain, we can easily make it shut up by
commenting out the keytab value by default.
Also update the keytab comment to the more modern one from qemu's
sasl config file.
---
daemon/libvirtd.sasl | 9 ++++++---
docs/auth.html.in | 3 ++-
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/daemon/libvirtd.sasl b/daemon/libvirtd.sasl
index e24a130..bfa056f 100644
--- a/daemon/libvirtd.sasl
+++ b/daemon/libvirtd.sasl
@@ -18,9 +18,12 @@ mech_list: digest-md5
# qemu+tcp://hostname/system?auth=sasl.gssapi
#mech_list: digest-md5 gssapi
-# MIT kerberos ignores this option & needs KRB5_KTNAME env var.
-# May be useful for other non-Linux OS though....
-keytab: /etc/libvirt/krb5.tab
+# Some older builds of MIT kerberos on Linux ignore this option &
+# instead need KRB5_KTNAME env var.
+# For modern Linux, and other OS, this should be sufficient
+#
+# There is no default value here, uncomment if you need this
+#keytab: /etc/libvirt/krb5.tab
# If using digest-md5 for username/passwds, then this is the file
# containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
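Review bot: the new comment above `#keytab:` says "uncomment if you need this" without saying when it is needed. Since the `#mech_list: digest-md5 gssapi` line is directly above, it would be clearer to state that keytab must be uncommented when gssapi is added to mech_list. "this should be sufficient" is also ambiguous now that the option it refers to is separated from it by a blank comment line and disabled.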
diff --git a/docs/auth.html.in b/docs/auth.html.in
index 60e4f11..d792eb1 100644
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -233,7 +233,8 @@ The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
username+password style authentication. To enable Kerberos single-sign-on instead,
the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
-instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
+instead of the default <code>digest-md5</code>, and keytab should be set to
+<code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
mechanism provides data encryption of the session.
</p>
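Review bot: in the added sentence, "keytab" is not wrapped in <code> the way <code>mech_list</code> is, and there is a stray space before the full stop after <code>/etc/libvirt/krb5.tab</code>. Because the shipped file now has the keytab line commented out, the text should say it must be uncommented rather than "set".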
--
1.7.11.7
12 years, 6 months
[libvirt] [PATCH] Log parameters passed to virFileMakePath
by Cole Robinson
---
src/util/util.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/util/util.c b/src/util/util.c
index bf60837..117a50f 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1261,6 +1261,8 @@ static int virFileMakePathHelper(char *path, mode_t mode)
struct stat st;
char *p;
+ VIR_DEBUG("path=%s mode=0%o", path, mode);
+
if (stat(path, &st) >= 0) {
if (S_ISDIR(st.st_mode))
return 0;
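Review bot: in the added VIR_DEBUG, `mode` is a mode_t passed to `%o`, which expects an unsigned int; mode_t's width is implementation-defined, so an explicit `(unsigned int) mode` cast is safer. `%#o` would also avoid printing "00" for a zero mode. Note that the log sits in virFileMakePathHelper, not in the virFileMakePath entry point that the subject line names.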
--
1.7.11.7
12 years, 6 months
[libvirt] [libvirt-tck PATCH] Use recent Fedora version
by Guido Günther
F12 isn't available on standard mirrors anymore.
---
conf/ks.cfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/ks.cfg b/conf/ks.cfg
index de82a26..b6269e9 100644
--- a/conf/ks.cfg
+++ b/conf/ks.cfg
@@ -1,6 +1,6 @@
install
text
-url --url=http://ftp-stud.hs-esslingen.de/Mirrors/fedora.redhat.com/linux/releases/12/Fedora/i386/os/
+url --url=http://ftp-stud.hs-esslingen.de/Mirrors/fedora.redhat.com/linux/releases/17/Fedora/i386/os/
lang en_US.UTF-8
keyboard de-latin1-nodeadkeys
network --device eth0 --bootproto dhcp
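Review bot: the replacement `url --url=` line still hard-codes one release number on one mirror, so the kickstart will break the same way once release 17 is moved off that mirror, as the commit message says happened with 12. Consider making the install tree URL a configurable value. The tree is also fetched over plain http, so nothing on this line protects the integrity of what gets installed.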
--
1.7.10.4
12 years, 6 months
[libvirt] [libvirt-tck PATCH] Debian calls mkisofs genisoimage
by Guido Günther
so check for that too when generating the iso.
---
lib/Sys/Virt/TCK/NetworkHelpers.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkHelpers.pm
index f7f6d70..5e1bac1 100644
--- a/lib/Sys/Virt/TCK/NetworkHelpers.pm
+++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm
@@ -32,8 +32,10 @@ sub build_cdrom_ks_image {
unless (-e $isoimage) {
my $isofiledir = $tck->bucket_dir($bucket1);
my $ksfile = $tck->get_scratch_resource($ks, $bucket1, "ks.cfg");
+ my @progs = `which mkisofs genisoimage`;
+ chomp(@progs);
- `mkisofs -o "$isoimage" $isofiledir`;
+ `$progs[0] -o "$isoimage" $isofiledir`;
}
return ($isoimage, "cdrom:/ks.cfg");
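Review bot: there is no check that `which mkisofs genisoimage` returned anything. If neither tool is installed, `$progs[0]` is undefined and the backtick command runs as ` -o "$isoimage" $isofiledir`, fails, and the function still returns the image path. Suggest something like `die "mkisofs or genisoimage not found" unless @progs;` before use, and checking `$?` after the ISO is built. `$isofiledir` is also interpolated into the shell command unquoted, unlike `$isoimage`.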
--
1.7.10.4
12 years, 6 months
[libvirt] [PATCH] network: don't allow multiple default portgroups
by Laine Stump
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483
virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three
allow network definitions to contain multiple <portgroup> elements
with default='yes'. Only a single default portgroup should be allowed
for each network.
This patch updates networkValidate() (called by both
virNetworkCreate() and virNetworkDefine()) and
virNetworkDefUpdatePortGroup (called by virNetworkUpdate()) to not
allow multiple default portgroups.
---
src/conf/network_conf.c | 35 ++++++++++++++++++++++++++---------
src/network/bridge_driver.c | 12 ++++++++++++
2 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 2f9ad2e..8976f2a 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -2752,7 +2752,8 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def,
/* virNetworkUpdateFlags */
unsigned int fflags ATTRIBUTE_UNUSED)
{
- int ii, ret = -1;
+ int ii, foundName = -1, foundDefault = -1;
+ int ret = -1;
virPortGroupDef portgroup;
memset(&portgroup, 0, sizeof(portgroup));
@@ -2766,9 +2767,11 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def,
/* check if a portgroup with same name already exists */
for (ii = 0; ii < def->nPortGroups; ii++) {
if (STREQ(portgroup.name, def->portGroups[ii].name))
- break;
+ foundName = ii;
+ if (def->portGroups[ii].isDefault)
+ foundDefault = ii;
}
- if (ii == def->nPortGroups &&
+ if (foundName == -1 &&
((command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) ||
(command == VIR_NETWORK_UPDATE_COMMAND_DELETE))) {
virReportError(VIR_ERR_OPERATION_INVALID,
@@ -2776,7 +2779,7 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def,
"in network '%s' matching <portgroup name='%s'>"),
def->name, portgroup.name);
goto cleanup;
- } else if (ii < def->nPortGroups &&
+ } else if (foundName >= 0 &&
((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
(command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST))) {
virReportError(VIR_ERR_OPERATION_INVALID,
@@ -2787,11 +2790,25 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def,
goto cleanup;
}
+ /* if there is already a different default, we can't make this
+ * one the default.
+ */
+ if (command != VIR_NETWORK_UPDATE_COMMAND_DELETE &&
+ portgroup.isDefault &&
+ foundDefault >= 0 && foundDefault != foundName) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("a different portgroup entry in "
+ "network '%s' is already set as the default. "
+ "Only one default is allowed."),
+ def->name);
+ goto cleanup;
+ }
+
if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
/* replace existing entry */
- virPortGroupDefClear(&def->portGroups[ii]);
- def->portGroups[ii] = portgroup;
+ virPortGroupDefClear(&def->portGroups[foundName]);
+ def->portGroups[foundName] = portgroup;
memset(&portgroup, 0, sizeof(portgroup));
} else if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
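Review bot: the new "a different portgroup entry ... is already set as the default" error does not say which portgroup that is, although `def->portGroups[foundDefault].name` is available at that point. Including it, as the networkValidate() message in this patch does with both names, would save the user a lookup. The condition itself looks right: for the ADD commands foundName is -1, so any existing default is rejected, and a MODIFY of the current default passes because foundDefault == foundName.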
@@ -2816,9 +2833,9 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def,
} else if (command == VIR_NETWORK_UPDATE_COMMAND_DELETE) {
/* remove it */
- virPortGroupDefClear(&def->portGroups[ii]);
- memmove(def->portGroups + ii, def->portGroups + ii + 1,
- sizeof(*def->portGroups) * (def->nPortGroups - ii - 1));
+ virPortGroupDefClear(&def->portGroups[foundName]);
+ memmove(def->portGroups + foundName, def->portGroups + foundName + 1,
+ sizeof(*def->portGroups) * (def->nPortGroups - foundName - 1));
def->nPortGroups--;
ignore_value(VIR_REALLOC_N(def->portGroups, def->nPortGroups));
} else {
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 1c97f29..8837843 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2618,6 +2618,7 @@ networkValidate(virNetworkDefPtr def)
{
int ii;
bool vlanUsed, vlanAllowed;
+ const char *defaultPortGroup = NULL;
/* The only type of networks that currently support transparent
* vlan configuration are those using hostdev sr-iov devices from
@@ -2638,6 +2639,17 @@ networkValidate(virNetworkDefPtr def)
== VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH)) {
vlanAllowed = true;
}
+ if (def->portGroups[ii].isDefault) {
+ if (defaultPortGroup) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("network '%s' has multiple default "
+ "<portgroup> elements (%s and %s), "
+ "but only one default is allowed"),
+ def->name, defaultPortGroup,
+ def->portGroups[ii].name);
+ }
+ defaultPortGroup = def->portGroups[ii].name;
+ }
}
if (vlanUsed && !vlanAllowed) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
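Review bot: in networkValidate(), the new `if (defaultPortGroup)` branch calls virReportError() but does not return. The loop carries on, `defaultPortGroup` is overwritten, and as far as this hunk shows the function can still succeed with multiple default portgroups defined, which is the case the patch is meant to reject. A `return -1;` is needed after the virReportError() call, inside the inner braces.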
--
1.7.11.7
12 years, 6 months
[libvirt] 0.10.2 virtualport profileid (802.1Qbh) malformed
by Tom Lanyon
Hi,
I've just upgraded a test libvirtd host to 0.10.2 from 0.9.4 to be able to make use of the new 'virsh net-update add portgroup' live updates, however can't get my private/802.1Qbh interfaces working at all after the upgrade.
Trying to start an existing domain or install a new domain after the upgrade gives:
"ERROR internal error corrupted profileid string"
and a corresponding error in the libvirtd log:
"error : virNetDevVPortProfileMerge:381 : internal error corrupted profileid string"
I've tried all sorts of profileid combinations and tried defining the virtualport in the domain instead of in the network, to no avail. The source indicates this is to do with a malformed (not null terminated) profile id when merging the port profile. Why would this be happening? Any hints how to debug it?
My example network definition:
<network>
<name>testnet</name>
<uuid>76d32a2d-8433-6873-9c15-cdae30e7a632</uuid>
<forward dev='eth1' mode='private'>
<interface dev='eth1'/>
<interface dev='eth2'/>
<interface dev='eth3'/>
...
</forward>
<portgroup name='server1' default='yes'>
<virtualport type='802.1Qbh'>
<parameters profileid='profile-server1'/>
</virtualport>
</portgroup>
<portgroup name='server2'>
<virtualport type='802.1Qbh'>
<parameters profileid='profile-server2'/>
</virtualport>
</portgroup>
<portgroup name='server3'>
<virtualport type='802.1Qbh'>
<parameters profileid='profile-server3'/>
</virtualport>
</portgroup>
</network>
and a domain definition which throws an error on start-up:
<interface type='network'>
<mac address='52:54:00:d1:94:5f'/>
<source network='testnet' portgroup='server1'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Tom
12 years, 6 months
[libvirt] [PATCH 0/4] snapshot: work towards external system checkpoint
by Eric Blake
I've previously posted 1/4, it is now rebased to latest and some
bugs fixed that I found while testing later patches:
https://www.redhat.com/archives/libvir-list/2012-August/msg01252.html
The other three are new. My next snapshot task will be hooking up
external snapshots for an offline domain.
Eric Blake (4):
snapshot: new XML for external system checkpoint
snapshot: improve disk align checking
snapshot: populate new XML info for qemu snapshots
snapshot: merge pre-snapshot checks
docs/formatsnapshot.html.in | 11 ++
docs/schemas/domainsnapshot.rng | 23 ++++
src/conf/snapshot_conf.c | 91 ++++++++++----
src/conf/snapshot_conf.h | 4 +
src/qemu/qemu_driver.c | 133 ++++++++++-----------
tests/domainsnapshotxml2xmlin/external_vm.xml | 10 ++
tests/domainsnapshotxml2xmlin/noparent.xml | 9 ++
tests/domainsnapshotxml2xmlout/all_parameters.xml | 1 +
tests/domainsnapshotxml2xmlout/disk_snapshot.xml | 1 +
tests/domainsnapshotxml2xmlout/external_vm.xml | 43 +++++++
tests/domainsnapshotxml2xmlout/full_domain.xml | 1 +
tests/domainsnapshotxml2xmlout/metadata.xml | 1 +
tests/domainsnapshotxml2xmlout/noparent.xml | 1 +
.../noparent_nodescription.xml | 1 +
.../noparent_nodescription_noactive.xml | 1 +
tests/domainsnapshotxml2xmltest.c | 1 +
16 files changed, 241 insertions(+), 91 deletions(-)
create mode 100644 tests/domainsnapshotxml2xmlin/external_vm.xml
create mode 100644 tests/domainsnapshotxml2xmlin/noparent.xml
create mode 100644 tests/domainsnapshotxml2xmlout/external_vm.xml
--
1.7.11.4
12 years, 6 months